Commit 65d543b2335ede80e5e66bc4f559f62db5f469bd
Committed by
Mimi Zohar
1 parent
e3c4abbfa9
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
integrity: provide a function to load x509 certificate from the kernel
Provide the function to load x509 certificates from the kernel into the integrity kernel keyring. Changes in v2: * configuration option removed * function declared as '__init' Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Showing 2 changed files with 37 additions and 1 deletions Side-by-side Diff
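--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -14,7 +14,7 @@
 
 #include <linux/err.h>
 #include <linux/sched.h>
-#include <linux/rbtree.h>
+#include <linux/slab.h>
 #include <linux/cred.h>
 #include <linux/key-type.h>
 #include <linux/digsig.h>
@@ -83,5 +83,39 @@
 keyring[id] = NULL;
 }
 return err;
+}
+
+int __init integrity_load_x509(const unsigned int id, char *path)
+{
+ key_ref_t key;
+ char *data;
+ int rc;
+
+ if (!keyring[id])
+ return -EINVAL;
+
+ rc = integrity_read_file(path, &data);
+ if (rc < 0)
+ return rc;
+
+ key = key_create_or_update(make_key_ref(keyring[id], 1),
+ "asymmetric",
+ NULL,
+ data,
+ rc,
+ ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ),
+ KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_TRUSTED);
+ if (IS_ERR(key)) {
+ rc = PTR_ERR(key);
+ pr_err("Problem loading X.509 certificate (%d): %s\n",
+ rc, path);
+ } else {
+ pr_notice("Loaded X.509 cert '%s': %s\n",
+ key_ref_to_ptr(key)->description, path);
+ key_ref_put(key);
+ }
+ kfree(data);
+ return 0;
 }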
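Review bot: `integrity_load_x509()` ends with `return 0;` on every path after the file read, so the `rc = PTR_ERR(key)` set in the `IS_ERR(key)` branch is logged but never reaches the caller. A caller that gates later steps on this return value would treat a rejected or malformed certificate as loaded, which matters for a function whose job is to populate the integrity keyring. Because `rc` still holds the byte count from `integrity_read_file()` on success, the fix is to add `rc = 0;` in the `else` branch and end with `return rc;`. Separately, `keyring[id]` is indexed with no range check on `id`, and the array's size is not visible in this hunk. A short comment above the function would also help, saying that the key is added with `KEY_ALLOC_TRUSTED` and that no signature check is visible here, so trust rests on the provenance of the file at `path`.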
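--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -134,6 +134,7 @@
 const char *digest, int digestlen);
 
 int __init integrity_init_keyring(const unsigned int id);
+int __init integrity_load_x509(const unsigned int id, char *path);
 #else
 
 static inline int integrity_digsig_verify(const unsigned int id,
@@ -147,6 +148,7 @@
 {
 return 0;
 }
+
 #endif /* CONFIG_INTEGRITY_SIGNATURE */
 
 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS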
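Review bot: The prototype for `integrity_load_x509()` is added only on the `CONFIG_INTEGRITY_SIGNATURE` side of the conditional; the second hunk adds just a blank line before `#endif`, so the `#else` side gets no stub. Unless every caller is itself built only when that option is set (callers are not visible on this page), a configuration without it fails to compile on an undeclared function. A stub beside the existing ones would close that gap: `static inline int integrity_load_x509(const unsigned int id, char *path) { return -EOPNOTSUPP; }`. Returning an error rather than the `0` used by the neighbouring stub is deliberate, so a caller cannot mistake "not built in" for "certificate loaded". The `#else` block starts in the first hunk and its other stubs lie partly outside both hunks.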